Xen users - May 2012 - ssh from Dom0 to DomU by SSH authorization without password

Hi all,

I met a issue in real experiments. I appreciate if you have any idea about this.

Assume
 that there is a machine with static IP (129.10.xxx.xxx) installed by Xen 
Hypervisor and in that there is a VM created by Xen with the local NAT 
network configuration (IP: 192.168.122.xxx,  Bcast: 192.168.122.255).

I try to implement remote access VM and data transfer by SSH authorization
without password.
It works well when I generate SSH key pair in VM and then remote access any
other 129.10.xx.xx machines without password.
But
 for generating SSH key pair in 129.10.xx.xx machines and then remote 
access VMs, it always prompt interactive request to enter VM''s
password. (when I want to ssh from Dom0 with 129.10.xx.xx to one of its VMs)

I try to implement the overall monitor from a remote machine with static IP by
SSH all the VMs in Xen servers.
Thanks in advance

Best,
Jianzhe

_______________________________________________
Xen-users mailing list
Xen-users@lists.xen.org
http://lists.xen.org/xen-users

Hello.

El 08/05/12 10:19, Jerry escribió:
> But for generating SSH key pair in 129.10.xx.xx machines and then remote
> access VMs, it always prompt interactive request to enter VM''s
password.
> (when I want to ssh from Dom0 with 129.10.xx.xx to one of its VMs)
Did you copy the content of 129.10.xx.xx:~/.ssh/id_rsa.pub
into 192.168.122.xxx:~/.ssh/authorized_keys ?

Are the permissions of 129.10.xx.xx:~/.ssh/id_rsa set to 0600?

Try "ssh -v", it''s feedback can give a clue why it insists on
interactive authentication.
> I try to implement the overall monitor from a remote machine with static
> IP by SSH all the VMs in Xen servers.
Perfectly suitable use.

-- 
Alexandre Kouznetsov

Hi Alexandre,

Thanks a lot for your help.
I set all details as you noted. 

I just found the reason.
Once I changed the file name of "id_rsa" in physical machine, the ssh
authorization to VMs failed.
But ssh authorization works well between physical machines even the file name of
id_rsa is changed.
Do you know the reason? Thanks in advance.

Best regards,
Jianzhe





________________________________
 From: Alexandre Kouznetsov <alk@ondore.com>
To: xen-users@lists.xen.org 
Sent: Tuesday, May 8, 2012 1:36 PM
Subject: Re: [Xen-users] ssh from Dom0 to DomU by SSH authorization without
password
 
Hello.

El 08/05/12 10:19, Jerry escribió:
> But for generating SSH key pair in 129.10.xx.xx machines and then remote
> access VMs, it always prompt interactive request to enter VM''s
password.
> (when I want to ssh from Dom0 with 129.10.xx.xx to one of its VMs)
Did you copy the content of 129.10.xx.xx:~/.ssh/id_rsa.pub
into 192.168.122.xxx:~/.ssh/authorized_keys ?

Are the permissions of 129.10.xx.xx:~/.ssh/id_rsa set to 0600?

Try "ssh -v", it''s feedback can give a clue why it insists on
interactive authentication.
> I try to implement the overall monitor from a remote machine with static
> IP by SSH all the VMs in Xen servers.
Perfectly suitable use.

-- Alexandre Kouznetsov

_______________________________________________
Xen-users mailing list
Xen-users@lists.xen.org
http://lists.xen.org/xen-users

_______________________________________________
Xen-users mailing list
Xen-users@lists.xen.org
http://lists.xen.org/xen-users

El 08/05/12 14:16, Jerry escribió:
> Once I changed the file name of "id_rsa" in physical machine, the
ssh
> authorization to VMs failed.
id_rsa file is read by ssh client.
If you change the default name, ssh client will just ignore it, unless 
you specify the new name in the command line.
> But ssh authorization works well between physical machines even the file
> name of id_rsa is changed.
Maybe you are changing it on a wrong host?
"id_rsa" and "id_rsa.pub" are relevant on the client side,
where you run
the ssh command, "authorized_keys" is relevant on the server side, the
host you are connecting to.
> Do you know the reason?
Beside being a clear offtopic, it''s hard to tell. Increase the
verbosity
level of your ssh client, compare the output.

Please consider "-i" and "-v" descriptions of "man
ssh".

(don''t CC me, I read the list)

-- 
Alexandre Kouznetsov